hngopher.com

       [HN Gopher] Credit Card Fraud and an Algorithm
       ___________________________________________________________________
        
       Credit Card Fraud and an Algorithm
        
       Author : ankaAr
       Score  : 19 points
       Date   : 2022-05-20 21:58 UTC (1 hours ago)
        
 (HTM) web link (www.lanacion.com.ar)
 (TXT) w3m dump (www.lanacion.com.ar)
        
       | notwedtm wrote:
       | From my understanding CVV/CVCs are a function of the PAN, expiry,
       | and some DES encryption. Does this mean that the target bank had
       | a weak DES key or was some other vulnerability discovered?
        
         | gus_massa wrote:
         | My guess is that he discovered a method to break the Luhn check
         | https://en.wikipedia.org/wiki/Luhn_algorithm that is not a
         | strong check. It's only useful to avoid typos. That's probably
         | enough to make the "send" button happy.
         | 
         | I guess he didn't discover how to break the secret code of the
         | card, and the transactions were flagged by the server
         | immediately. Some servers flag the card secretly, so credit
         | card thieves have more problems to validate the stolen cards.
         | 
         | The press article claims it was something impressive, but my
         | guess is that it's just a bad report by the police or by the
         | journalists.
        
         | dataflow wrote:
         | I don't think it's like that? At least in the US, you can have
         | literally the same card number, expiry, and name, with only the
         | CVC being different.
        
       | ankaAr wrote:
       | A newspaper vendor from Buenos Aires, Argentina,has been captured
       | for credit card fraud with thousands of them.
       | 
       | News and police claimed that he developed an algorithm, to
       | calculate, by hand, valid credit cards numbers and codes.
       | 
       | Ps: his last name is Falsetti, false.. etti
       | 
       | Edit: I don't know where is the URL, I will add that here (in
       | Spanish).
       | 
       | https://www.lanacion.com.ar/seguridad/falsetti-el-estafador-...
        
         | gus_massa wrote:
         | Autotranslation: https://www-lanacion-com-
         | ar.translate.goog/seguridad/falsett...
         | 
         | I read it this morning and was very surprised. Is this just
         | some congruence modulo a big number? Is this check well known
         | and the police/newspaper is overhyping then discovery?
         | 
         | (If it's so secret and powerful, why are they publishing a
         | photo of the method?)
        
       ___________________________________________________________________
       (page generated 2022-05-20 23:00 UTC)